# --- tailscale
service tailscale restart

uci add network tailscale
uci set network.tailscale=interface
uci set network.tailscale.proto=none
uci set network.tailscale.device=tailscale0
uci commit network

uci add firewall zone
uci set firewall.@zone[-1]=zone
uci set firewall.@zone[-1].name=tailscale
uci set firewall.@zone[-1].input=ACCEPT
uci set firewall.@zone[-1].output=ACCEPT
uci set firewall.@zone[-1].forward=ACCEPT
uci set firewall.@zone[-1].masq=1
uci set firewall.@zone[-1].mtu_fix=1
uci set firewall.@zone[-1].network=tailscale
uci commit firewall

uci add firewall forwarding
uci set firewall.@forwarding[-1].src=tailscale
uci set firewall.@forwarding[-1].dest=wan
uci commit firewall

uci add firewall forwarding
uci set firewall.@forwarding[-1].src=lan
uci set firewall.@forwarding[-1].dest=tailscale
uci commit firewall

uci add firewall forwarding
uci set firewall.@forwarding[-1].src=tailscale
uci set firewall.@forwarding[-1].dest=lan
uci commit firewall

tailscale up --accept-routes=true  --advertise-routes=192.168.8.0/24 --reset netfilter-mode=off
service tailscale restart
